By Judith M. Myerson
Imagine you are a supply chain executive at a retail chain that has implemented radio frequency identification technology in its stores. One day, you find yourself in one of your company's RFID-enabled stores wondering about the new security issues associated with the radio frequency technology. Then you look out of the window and see a shopper with a cat walking into the store. The next thing you know, the store's RFID infrastructure suddenly shuts down. RFID readers and checkout computers stop working. Thousands of dollars' worth of sales are lost in one day. What would you do? Run out of the store? Not likely. You probably would take a closer look at the cat or the shopper.
The cat might be carrying an unseen transmitter, or the shopper might have a transmitter implanted between his thumb and finger so small that it would not be noticeable to the human eye. In either case, the transmitter could be used to block radio signals, causing the store's systems to shut down, or to send a malicious virus to an EPC Information Services (IS) server containing product RFID data.
It's a good thing you have a disaster recovery plan in place! The store reopens shortly, giving you the opportunity to consider other RFID security issues that have not been addressed. Walking about the store, you see very few shoppers carrying RFID mobile readers to scan products, but you know that someday soon more and more consumers will begin using personal RFID readers to scan goods before they get to the checkout counter. The more shoppers use these readers, the more likely that tag signal interference will occur, again raising security concerns.
The above scenarios point to three RFID security concerns: human implantable RFID tags, signal interference, and RFID tag eavesdropping and jamming. Although you can never completely remove the vulnerabilities that hackers can exploit, you can provide leadership in defining and understanding the RFID security concerns and vulnerabilities facing your company, how the risks can be mitigated, and which safeguards will yield the best returns on investment (ROI). The ROIs will reflect how well your security policy is enforced and how well the resulting security program is implemented. The safeguards offered below are recommendations, and you can either change them or build upon them according to your organizational and security requirements.
Watch Out for Implantable RFID Tags
How do you detect if the hacker (e.g., the shopper) has an RFID transmitter implanted in his hand? With this tool, a hacker can wave his hand to unlock a door to enter a warehouse filled with RFID-tagged pallets and cases, and then alter the tags. Or the hacker could send a malicious virus, for example via a method called "SQL injection," to the reader for transmission to an RFID tag affixed to a case of, say, Kleenex boxes.
I call this tool "war-waving," a more daring and bold strategy than "war-walking" or "war-driving." In war-walking, the hacker walks up to the building and physically forces open the locked doors in order to lift and switch tags from one merchandise type to another. In war-driving, the hacker driving by a facility uses a wireless device to scan the signals emitted from a mobile PDA or a wireless-based laptop for illegal use. One way of mitigating the risks of war-waving is to set the reader to validate a user permission code in the tag. Another way is to develop means of preventing the execution of SQL injections via a standard tag data dictionary and validation schemes. A reader should set off an alarm when it detects an invalid permission code.
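One way to implement the reader-side checks described above, shown as an added example that is not from the original article: tag data is validated against a data dictionary, the permission code is checked, an alarm is recorded on failure, and valid reads are stored with a parameterized query. The field names, patterns, permission codes and table layout are assumptions made for illustration.

```python
import hmac
import re
import sqlite3

# Hypothetical tag data dictionary: field name -> pattern the value must fully match.
TAG_DICTIONARY = {
    "epc": re.compile(r"[0-9A-F]{24}"),            # 96-bit EPC as hex
    "product": re.compile(r"[A-Za-z0-9 ]{1,32}"),  # plain product label
    "perm": re.compile(r"[0-9A-F]{8}"),            # user permission code
}
VALID_PERMISSION_CODES = {"A1B2C3D4", "0F0F0F0F"}  # constructed sample codes


def validate_tag(fields):
    """Return (ok, reason) for a decoded tag payload (dict of str -> str)."""
    if set(fields) != set(TAG_DICTIONARY):
        return False, "unexpected or missing field"
    for name, pattern in TAG_DICTIONARY.items():
        if not pattern.fullmatch(fields[name]):
            return False, f"field {name!r} fails dictionary pattern"
    # Constant-time comparison against each accepted code.
    if not any(hmac.compare_digest(fields["perm"], c) for c in VALID_PERMISSION_CODES):
        return False, "invalid permission code"
    return True, "ok"


def process_read(db, fields, alarms):
    """Store a valid read; otherwise record an alarm and store nothing."""
    ok, reason = validate_tag(fields)
    if not ok:
        alarms.append(reason)
        return False
    # Parameterized query: tag data is bound as values, never spliced into SQL.
    db.execute("INSERT INTO reads VALUES (?, ?)", (fields["epc"], fields["product"]))
    return True


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reads (epc TEXT, product TEXT)")
    alarms = []
    reads = [  # constructed sample tag payloads
        {"epc": "3034257BF400B7800004CB2F", "product": "Tissue case 24", "perm": "A1B2C3D4"},
        {"epc": "3034257BF400B7800004CB30", "product": "x'; DROP TABLE reads;--", "perm": "A1B2C3D4"},
        {"epc": "3034257BF400B7800004CB31", "product": "Tissue case 24", "perm": "DEADBEEF"},
    ]
    results = [process_read(db, r, alarms) for r in reads]
    stored = db.execute("SELECT COUNT(*) FROM reads").fetchone()[0]
    return results, alarms, stored
```

Only the first constructed read is stored; the second is rejected by the dictionary pattern and the third by the permission check, and each rejection appends an alarm.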
Can You Hear Me, RFID Tag?
Another security threat comes from hackers who are able to eavesdrop on, and jam, RFID tags. The problem with RFID tags to date is that they are not conducive to using standard means of cryptography to protect them.
For example, passive tags have too little power and too little memory to incorporate standard cryptography to secure them from eavesdropping and jamming. And while active tags are battery-operated and have larger memory and a larger scanning area, their power is not strong enough for standard cryptography to work properly.
A promising alternative to cryptography is ultra wideband (UWB) modulation. Dong S. Ha and Patrick Schaumont spoke at the IEEE RFID 2007 Conference about how this type of modulation can be used to implement the link from RFID tags to readers. As they discussed, this technology, still being developed, allows for the use of relatively simple ciphers, and UWB is more secure against interference than narrowband.
Tag Signal Interference
Signal interference with RFID tags can result from improper antenna orientation in the tags and close proximity of readers. The challenge is to detect signal interference between tags.
Let's suppose a shopper places RFID-tagged products in a shopping cart in a random orientation. Signal interference occurs when the signals from the antennas in some tags interfere with the signals from the antennas in other passive tags on products. As a result, when your shopper proceeds to checkout, the reader at the checkout counter might not be able to read all the tags in the cart. This means that the tagged items in the shopping cart must be taken out and placed on the checkout counter in the proper orientation before the tags on these items can be adequately re-scanned.
Even if the tagged items are placed in a proper orientation order in the cart to prevent signal interference at checkout, mobile RFID handheld readers (e.g., personal readers used by shoppers as they move about the store) used in close proximity to other readers could garble data while scanning the tags. The radio frequency field generated by one reader used to scan the items in one cart may overlap the field of another reader used to scan different items in a second cart that happens to be in close proximity to the first cart.
To alert the shopper to tag-read interference, these mobile readers could include an alert mechanism that changes color from green to red when signal interference is detected due to overlapping scanning areas caused by the proximity of another shopper's reader. When the red color blinks, a shopper would move away from the overlapping area until the alert stops blinking or turns green.
Not Enough Room Here!
Active RFID tags give rise to another signal interference issue. The challenge here is to mitigate the risks of signal interference due to improper antenna orientation, insufficient numbers of antennas, improper positioning and inadequate reading area.
As you may know, an RFID reader cannot communicate with an active RFID tag that is oriented perpendicular to the reader antenna. With active tags and readers, unlike with passive tags, a minimum of one antenna must be located in one zone. Although several antennas enable more accurate tag positioning to allow for greater reading area, improper positioning due to reflections from walls and equipment can adversely affect the transmission. Tags that are not located at the correct horizontal or vertical levels in buildings also affect transmission quality.
Canus, a maker of goat's milk soap, offers a good example of resolving signal interference by changing the positioning and orientation of an antenna. Its docking door allowed only three antennas to be set up, but the third antenna did not allow enough reading area. Adjustments were made to this antenna by changing its orientation and position to provide a greater reading area, and a fourth antenna was added to ensure that a tag can be read regardless of its location on the pallet.
RFID technology offers great promise for improving supply chain efficiencies, including through store-level deployments. However, as the examples above illustrate, companies that are serious about leveraging this still-emerging technology must take into consideration the various security issues inherent to RFID.
About the Author: Judith M. Myerson is a systems architect and engineer and the author of RFID in the Supply Chain: A Guide to Selection and Implementation. Her name currently appears in the acknowledgments list of the final draft of NIST SP 800-98, Guidance for Securing Radio Frequency Identification (RFID) Systems. She maintains the RFID Systems Reengineering Web site (www.c2040.com) and can be reached at [email protected] regarding other security issues, consulting, services and training.